On June 6, 2023, security researchers discovered a vulnerability in Roundcube’s “markasjunk” plugin. This vulnerability allows attackers to execute commands by sending a specially crafted identity email address through the plugin.
Although the CVSSv3 score of the vulnerability is defined as “6.5”, according to Cyberthint analysts its impact is actually critical. CWE ID: CWE-77.
Affected Versions: Roundcube 1.6.1 and earlier, when the markasjunk plugin is enabled.
Joomla is a popular content management system used by many websites. On February 16, 2023, a critical vulnerability with the identifier “CVE-2023-23752” was announced for Joomla. This vulnerability allows unauthorized users to access sensitive information on the website.
A heap buffer underflow vulnerability has been identified in the management interface of Fortinet’s FortiOS and FortiProxy products. The vulnerability is tracked as CVE-2023-25610, and its CVSSv3 score was determined as 9.3.
This security vulnerability allows threat actors to execute unauthorized code or commands, or to perform DoS attacks, with specially crafted HTTP requests.